PT-2020-19312 · GE Healthcare · Apexpro Telemetry Server +3

Published: 2020-01-24 · Updated: 2020-03-17 · CVE-2020-6964

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

ApexPro Telemetry Server versions 4.2 and prior
CARESCAPE Telemetry Server version 4.2 and prior
Clinical Information Center (CIC) versions 4.X and 5.X
CARESCAPE Central Station (CSCS) versions 1.X and 2.X

Description

The integrated service for keyboard switching in the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network.

Recommendations

For ApexPro Telemetry Server versions 4.2 and prior, consider restricting network access to the integrated service for keyboard switching until a fix is available.
For CARESCAPE Telemetry Server version 4.2 and prior, restrict access to the keyboard switching service to prevent unauthorized input.
For Clinical Information Center (CIC) versions 4.X and 5.X, limit network exposure of the affected service to minimize the risk of exploitation.
For CARESCAPE Central Station (CSCS) versions 1.X and 2.X, disable the keyboard switching feature temporarily to prevent remote access without authentication.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2020-6964

Affected Products

Apexpro Telemetry Server
Carescape Central Station
Carescape Telemetry Server
Clinical Information Center